Post NFA Migration Clean-up

Important Notification for NFA Partners Only

If you haven’t already, we highly recommend reviewing the current migration documentation here.  As you review the documentation please submit any questions to nmm.support@getnerdio.com.

  • New NFA account creation will be unavailable on November 30th 2021.
  • NFA will be fully supported until the official sunset - nfa.support@getnerdio.com.
  • We encourage all partners to watch this video, read all of our supporting KB's and consider preparing for migrations. The entire Nerdio team is here to support and guide all of our amazing partners during this transition.

This Guide will take you through the final steps of removing any remaining NFA assets, hosts and finally the account in NAP.


Now that users have been migrated to the NMM environment, you can turn down the NFA environment. The steps to do so are

 

SafeDNS

SafeDNS was an inclusive feature of NFA and isn't included in NMM.  Partners will need modify current DNS settings and consider what DNS service they will use going forward.

Note: If you imported your desktop image from NFA you may need to uninstall the SafeDNS client from the image.

 

Steps to remove SafeDNS

1) Firewall

  1. From DC01, open up the DNS Manager and right-click "DC01", then select properties.
  2. From the "Forwarders" tab, click Edit and add an IP address to a public DNS server such as Google  (8.8.8.8, 8.8.4.4) or CloudFlare (1.1.1.1)
  3. From your account in the Nerdio Admin Portal, expand the Network tab on the left and select Firewall.
  4. Click "Add Rule"
  5. Allow outbound traffic from any source using port 53 to the IP you used for the new forwarder.
  6. Ensure that the priority is above the existing system rule titled "Allow DNS to SafeDNS" (use a number lower than 501)
  7. Save the rule and confirm that DNS is functioning as expected.

2) Image(s)

 

Disable auto-scale on NFA host pools

In NFA portal, navigate to Servers, find your host pool and select Manage Auto Scale from the drop down menumceclip16.png

  1. Shut down all old host pools in NFA portal
  2. Disable auto-scale on all servers / personal desktops (in NFA portal)
  3. Configure auto-scale on servers in NMM portal

 

Demo Users and Groups

This is an opportunity to remove any UNUSED NFA Demo Users and Groups via NAP

Security Groups

  • Accounting Department Group
  • AVD Users
  • Executive Group
  • Finance Department Group
  • HR Department Group
  • IT Department Group
  • Legal Department Group
  • Marketing Department Group
  • Sales Department Group

mceclip0.png

 

Users

    • Andy IT Admin
    • Angie Accounting
    • Chad CEO
    • Sally Sales

mceclip2.png

*Please also review this guide of additional user objects that may exist from NFA provisioning

 

Federated Domains and PRX01

  • Unsure what Federation is or how to remove it via Powershell?
    • Read our guide here.
    • Watch our video here.
  • Not using Federation (common)
    • Delete PRX01 from Servers in NMM
  • Want to continue using Federation post migration?

 

Hosts and Pools

If you did NOT migrate your pool's image delete remaining hosts and host pools via NAP (Ensures removal of Scale Set(s) and Load Balancer)

Locate your "Classic" pools in Nerdio and ensure no users are still logged in

mceclip0.png

Delete the Pool and Hosts

mceclip1.png

 

mceclip2.png

Golden Image 

You won't be able to delete WVDSH00 in NFA, it must be done directly in Azure or in NMM via the Servers Blade

mceclip3.png

 

Destroy your NFA account 

Note: Original Nerdio KB

Note: DO NOT CHECK "Empty out and delete"

mceclip2.png

  1. DO NOT CHECK this box - leave this box unchecked to preserve existing resources in Azure that have been migrated
  2. Type in AZURE to confirm your selection
  3. Select Keep for Microsoft 365 resources - this will require a manual clean prior NFA service accounts used in NFA
  4. Type in M365 to confirm your selection

 

Configure Microsoft Entra Connect on DC01

During the initial provisioning process Nerdio configured Microsoft Entra Connect on DC01 and utilized the Express Settings Option.

During the Destroy process Nerdio removes all default users created during provisioning.  This removal includes the Sync_DC01 directory sync account used with Microsoft Entra Connect.

Best practices following Destroying the NFA account is to reinstall Microsoft Entra Connect on DC01 and configure a new Sync account.  Nerdio recommends using the "Express Settings" option unless you have customized Microsoft Entra Connect already.  Examples of customization would include enabling Password Writeback.

**If you're unsure of how to configure Microsoft Entra Connect, we recommend opening a ticket with Microsoft or your CSP.**

 

Back.png      

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Article is closed for comments.